Best FTP client to get
Karl Auer
kauer at biplane.com.au
Fri Oct 23 13:57:28 UTC 2009
On Fri, 2009-10-23 at 22:58 +1000, Res wrote:
> well said... the OP asked about uploading his website, which infers the
> information is to be public anyway

Here are a few things a bad guy can do with that FTP password:

- he can remove the public information that the OP wants to present
- he can put up additional information that the OP does NOT want on his
  website - think nasty pictures
- he can deface the public information on the site
- he can subvert the public information on the site
- he can use the site as a secret file server - there is no sign that
  the site has been hacked, except that data and transfer quotas blow out.
- if the site is used as a secret file server, better hope it's not
  serving something illegal, because then you could be in serious trouble
- he can add things to your web pages that are not visible, but do
  damage - malware. Google "gumblar" for just one example

> some people need to put their paranoid brains into gear before their
> fingers

Some people need to realise that sometimes, a little paranoia is
healthy.

There is really no good reason to still be using ftp to upload websites.
There are great tools around that do everything ftp does, but do it
securely.

> , and I don't know of any shared hosting
> provider who allows users secure shell (of any kind) access.

Google "web host ssh shell" or similar and start counting...

We have used about five different hosting providers for our various
customers, and when we are choosing a provider "no secure access" means
"no sale". Secure access doesn't necessarily mean shell access, by the
way.

None of this applies to your own data. If it's your own personal
website, or your own company's website, you can do what you like! But if
you have responsibility for someone else's data, then you have an
obligation to take sensible precautions, and that does not include
sending cleartext passwords over the Internet.

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)
GPG fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
More information about the ubuntu-users
mailing list